def decorated_function(*args, **kwargs):
res = _check_internal_request(request, session, False, True, SystemPermissions.PERMIT_ADMIN_USERS)
# If not admin_users, allow GET and PUT for current user's record
if res:
allow = (request.method == 'GET' or request.method == 'PUT') and \
'user_id' in kwargs and \
kwargs['user_id'] == get_session_user_id()
if not allow:
return res
return f(*args, **kwargs)
def admin_login_required():
return _check_internal_request(request, session, True, True, 'admin_any')
